Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) ☒ Responsive to communication(s) filed on 01 December 2000.
2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 7-22 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) □ Claim(s) is/are allowed.

6) ☒ Claim(s) 1-22 is/are rejected.

7) □ Claim(s) is/are objected to.

8) □ Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) □ The specification is objected to by the Examiner.

10) □ The drawing(s) filed on is/are: a) □ accepted or b) □ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) □ All b) □ Some * c) □ None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. .

3. □ Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 
Paper No(s)/Mail Date 12/01/00 & 4/20/01. 6) □ Other: .



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 1




Application/Control Number: 09/728,558

Art Unit: 2134 

DETAILED ACTION 

1. Claims 1-22 have been examined. 

Priority 

2. No claim for priority has been made in this application. 

3. The effective filing date for the subject matter defined in the pending claims in 
this application is 12/1/2000. 

Information Disclosure Statement 

4. The information disclosure statement filed 12/01/00 fails to comply with the 
provisions of 37 CFR 1.97, 1.98 and MPEP § 609 because Caronni et al.'s 
"Virtual Enterprise Networks: The Next Generation of Secure Enterprise 
Networking," does not contain a publication date. It has been placed in the 
application file, but the information referred to therein has not been 
considered as to the merits. Applicant is advised that the date of any
resubmission of any item of information contained in this information disclosure
statement or the submission of any missing element(s) will be the date of
submission for purposes of determining compliance with the requirements
based on the time of filing the statement, including all certification
requirements for statements under 37 CFR § 1.97(e). See MPEP § 609
C(1).

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 
5. Claims 13 and 20 are rejected under 35 U.S.C. 112, second paragraph, as
being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

6. In claims 13 and 20 "the group" lacks antecedent basis. 
Appropriate correction is required. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

7. Claims 1-3, 5-10, 12, 14-16 and 18-20 are rejected under 35 U.S.C. 103(a)
as being unpatentable over Colby et al. (U.S. Patent No. 6006264) in view
of Pfleeger (Charles P. Pfleeger, "Security in Computing", ISBN
0133374866, 1996).

8. Colby et al. teach a cluster-based public computing environment (Colby et al.,
col. 2 lines 22-33), and communications between service components 
comprising a network switching system, a plurality of processing nodes 
interconnected via the network switching system (Web Servers, clients and 
Content-aware flow switch), a plurality of application components loaded onto 
the processing nodes (col. 3 lines 10-28 and col. 1 lines 59-65). Content is 
defined as an application in col. 1 (e.g. Java) and col. 3 says that servers 
service a client request for content. The client itself must have means to 
access the application as well as establish a remote connection between the
client and server apps, each application component having a respective 
service-access-point defining (i) a network address of the processing node on 
which the application component is loaded and (ii) a port at the processing 
node, the port being associated with the application component (Colby et al.,
col. 2 lines 8-45, col. 3 lines 10-12). 

9. Colby et al. teach executable logic that responds to an attempted inter-node 
communication between a service and application components but do not 
teach blocking disallowed inter-node communication. 

10. Pfleeger teaches significant threats to systems connected to the Internet and
offers an executable logic solution of filtering traffic (Pfleeger sec. 9.5, pgs. 
426-428) which blocks disallowed inter-node communication using network 
and VLAN addresses, and port numbers (SAP) (Pfleeger sec. 9.5, Screening 
Router for example). Therefore in order to improve security it would have 
been obvious to one of ordinary skill in the art at the time the invention was 
made to implement executable logic solution on processing nodes or a 
network switch in order to protect data. 

11. Pfleeger teaches destination addresses saying that "depending on the
protocol, a header may contain source and destination addresses" (pg. 430 §
1). Claim 9 is addressed by the section on pg. 430 where Pfleeger says: "A 
screening router might be configured to block all packets... etc." Claim 15 is 
not explicitly addressed, but obviously if a packet is not allowed it is dropped. 
With respect to claim 19, an agent is limited by neither the claim nor the 
specification; thus it is understood that the software components that are read
on the agent. Similarly claim 7 calls for an agent and talks about the interface 
through which instructions may be provided. An interface is a necessary 
component. Claim 7 talks about VLAN. VLAN is logical grouping of two or 
more nodes which are not necessarily on the same physical network segment 
but which share the same IP network number. The address range numbers 
provided by Pfleeger, e.g. 100.50.25.x meet this limitation (pg. 430 § 2).

12. Pfleeger does not explicitly teach of each service component comprising an
Internet address of the respective 

13. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Colby et al. (U.S. Patent No. 6006264) and Pfleeger (Charles P. Pfleeger, 
"Security in Computing", ISBN 0133374866, 1996) as applied to claim 3. 

14. Colby et al. and Pfleeger teach at least one of the SAPS comprising a port 
selected from the group consisting of a TCP port. 

15. Colby et al. and Pfleeger do not teach at least one of the SAPS comprising
port selected from the group consisting of a TCP port and a UDP port. 

16. Official notice is taken that it is old and well-known that UDP ports are used in 
internet protocol communication. Therefore it would have been obvious to 
one of ordinary skill in the art at the time the invention was made to include 
UDP ports in order to protect data from UDP attacks. 

17. Claims 11 and 21-22 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Colby et al. (U.S. Patent No. 6006264) and Pfleeger
(Charles P. Pfleeger, "Security in Computing", ISBN 0133374866, 1996)
as applied to claims 1 and 18. 

18. Colby et al. teach the attempted inter-node communication.

19. Colby et al. do not teach an attempted inter-node communication comprising
an attempted inter-node between antagonistic service components and 
application providers competing for business. Official notice is taken that it is 
old and well-known that the Internet includes nodes with antagonistic service 
components hosted by many competing application providers. Thus it is 
unrealistic to keep out all of the nodes with antagonistic services of the 
internet connection. Therefore it would have been obvious that antagonistic 
serviced components will compete. 

20. Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Colby et al. (U.S. Patent No. 6006264) and Pfleeger (Charles P. Pfleeger, 
"Security in Computing", ISBN 0133374866, 1996) as applied to claim 12. 

21. Colby et al. and Pfleeger teach inter-node data communication wherein the
data represents information selected from the group consisting of source and 
destination. 

22. Colby et al. and Pfleeger do not teach inter-node data communication
wherein the data represents information selected from the group consisting of 
service level. Official notice is taken that it is old and well-known to that node 
owners connected to the Internet have various levels agreements. It would 
have been obvious to one of ordinary skill in the art at the time the invention 
was made to include service level in order to recognize customers bringing
more profit for paid services. 

23. Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Colby et al. (U.S. Patent No. 6006264) and Pfleeger (Charles P. Pfleeger,
"Security in Computing", ISBN 0133374866, 1996) as applied to claim 16 
in view of Arendt et al. (U.S. Patent No. 5819091). 

24. Colby et al. teach loading the application components onto the processing 
nodes of the public computing platform. 

25. Colby et al. do not teach assigning to each application component a 
respective trustworthiness measure and a respective criticality measure, and 
using these measures of a given application component to select a given 
processing node of the public computing platform onto which the given 
application component should be loaded. 

26. Arendt et al. teach servers implementing different security levels for different 
applications (col. 7 lines 27-41). Thus it would have been obvious to one of 
ordinary skill in art at the time of applicant's invention to centralize 
applications with the same levels on the same server for better administration, 
security and efficiency. 



No claim is allowed. 



Conclusion 
Any inquiry concerning this communication or earlier communications from
the examiner should be directed to Peter Poltorak whose telephone number is 
(703) 305-0719. The examiner can normally be reached Monday through 
Thursday from 9:00 a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 
3:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gregory Morse can be reached on (703) 308-4789. The 
fax phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).